* qubesos/pr/63:
archlinux: restore setup of pam.d/su-l
archlinux: remove python3 dependency
archlinux: ensure [options] section is present in all pacman drop-ins
archlinux: enforce usage of python2 in all scripts
Makefile: avoid using python interpreter as a static name
archlinux: create user 'user' using bash by default instead of zsh
archlinux: ship pam.d/qrexec as a replacement of using su
archlinux: do not mess with locales in post-install script
archlinux: remove pam configuration for su and su-l
archlinux: remove deprecated setup of pam since v4.0.3
Add the 4.0 repo to the PKGBUILD sources list
Restore the binary pacman repo and update it for QubesOS 4.0
Fix the makefile for archlinux - SBINDIR is already /usr/bin
Update the arch PKGBUILD script for QubesOS 4.0
systemd-timesyncd.service isn't enough, for various reasons:
- it is started too early in the boot process - files in
/var/run/qubes-services are not yet there
- by default it does only one shot synchronization, and there is no
network at that early boot time yet
- by default use-ntp is set to "no"
So, in addition, enable actual ntp client.
FixesQubesOS/qubes-issues#3210
Since the qubes-download-dom0-updates script executes dnf with fakeroot, some dnf plugins like etckeeper break the update with "Permission denied" errors.
qubes-gui agent calls su-l instead of initializing its own pam
session such as qrexec.
pam.d/su-l qubes specific configuration must be restored to ensure
that the user login session is properly initialized:
https://github.com/QubesOS/qubes-issues/issues/3185
* fixes-20171019:
debian: cleanup after splitting qubes-core-agent
Fix removing temporary file after editing in (Disp)VM
network: fix rules for network setup on new udev
debian: disable timer-based apt-get
Fix removing the file - do not free its filename just before unlink call
(scheduled with atexit function).
At the same time, place the temporary file in a unique directory,
making it possible to edit multiple files with the same name at once.
Remove that directory at exit too.
FixesQubesOS/qubes-issues#3112
New udev have `DRIVERS` matcher, instead of `ENV{ID_NET_DRIVER}`. Add
appropriate rule to the file. Without it, network was working
incidentally, because there is a fallback in qubes-misc-post.service,
but dynamic network change was broken.
This applies at least to Debian stretch.
FixesQubesOS/qubes-issues#3192
Debian stretch in default configuration calls apt-get update every 24h.
And additionally, have automatic unattended security updates enabled.
Generally it would be good thing on standalone system, but in AppVM
which loose its rootfs changes after restart it is a waste of resources.
Especially when it kicks in on multiple VMs simultaneously, while on
battery (apt-daily.service have ConditionACPower=true, but VM don't have
that information...).
It would make some sense on TemplateVM/StandaloneVM, but then it kicks
in just at VM startup. Which conflicts with starting the update manually
then (by clicking "update VM" button in manager for example, or using
salt).
So, disable this feature completely.
The actual solution is based on pkg-manager-no-autoupdate by @adrelanos.
FixesQubesOS/qubes-issues#2621
If root filesystem is the last partition (new layout), resize it
in-place. Use 'parted' tool because it can resize just one partition,
without need to specify the whole new partition table. Since the
partition is mounted, parted is unhappy to modify it. Force it by
answering to its interactive prompts, and add (apparently not
documented) ---pretend-input-tty to use those answers even
though stdin is not a tty. Split the operation into multiple parted
calls, for more reliable interactive prompts handling.
Qubes 3.x disk layout (no partition table) is also supported, but the
one that was used in Qubes 4.0 rc1 (root filesystem as the first
partition) is not.
FixesQubesOS/qubes-issues#3173QubesOS/qubes-issues#3143
* fixes-20171002:
qubes.ResizeDisk: handle dmroot being a symlink
qrexec: use user shell instead of hardcoded /bin/sh
qrexec: code style fix - use spaces for indentation
Add convenient wrappers for qvm-copy-to-vm and qvm-move-to-vm
Currently building the package fails with an error 'qubes-r3.2: key "2043E7ACC1833B9C" is unknown'.
This also harmonizes the code with the current documentation: https://www.qubes-os.org/doc/templates/archlinux/#binary-packages-activation
(cherry picked from commit 5662d7e5fe7f5236a2623f725b7e0f908d26631f)
Without this change the package builds successfully but there is a
file conflict error when installing it.
(cherry picked from commit 4f26267796fa856d1e3a2883494b7cc09221b2e9)
Default `ask` policy ignore target domain specified by the caller, so it
doesn't make sense to specify one. Provide convenient wrappers not
needing one. Do not change behaviour of existing tools for compatibility
reasons.
FixesQubesOS/qubes-issues#3141
